Cisco Midyear Security Report Surveys Network Security Landscape

Bangkok - 27 Aug 2010 — Businesses must change their mindset on security to help ensure that their networks and vital corporate information are protected from evolving security threats, according to the Cisco 2010 Midyear Security Report released today. Tectonic shifts — the increasing use of social networking, the proliferation of network-connected mobile devices, and virtualization — continue to alter the security landscape. As a result, enterprise professionals must act immediately to put effective security practices into place in order to protect their companies' reputation and maintain a competitive edge. The report outlines five recommendations for improving corporate security.
Today at 9 a.m. Pacific time Cisco Vice President and Chief Security Officer John N. Stewart and Senior Security Researcher Mary Landesman will discuss findings from the 2010 Midyear Security Report and will outline best practices in a live interactive Internet TV broadcast. The broadcast can be accessed at http://tools.cisco.com/cmn/jsp/index.jsp?id=102551.

Cisco 2010 Midyear Security Report: Key Findings

Tectonic Pressures MountingMajor forces are changing the enterprise security landscape. Social networking, virtualization, cloud computing and a heavy reliance on mobile devices continue to have a dramatic impact on the ability of information technology departments to maintain effective network security. To help manage these converging trends, enterprises should:

Enforce granular per-user policies for access to applications and data on virtualized systems.

Set strict limits for access to business data.

Create a formal corporate policy for mobility.

Invest in tools to manage and monitor cloud activities.

Provide employees with guidance on the use of social media in the workplace.

Virtual Farms Being TendedCisco Security Intelligence Operations research found that 7 percent of global sample of users accessing Facebook spend an average of 68 minutes per day playing the popular interactive game “FarmVille.” “Mafia Wars” was the second most popular game, with 5 percent of users each racking up 52 minutes of play daily, while “Café World,” played by 4 percent of users, accounted for 36 minutes of wasted time per day.

Although loss of productivity is not a security threat, cybercriminals are believed to be developing ways to deliver malware via these games.

Company Policies Ignored Fifty percent of end users admitted that they ignore company policies prohibiting the use of social media tools at least once a week, and 27 percent said they change the settings on corporate devices to access prohibited applications.

Innovation Gap Being Bridged Cybercriminals are using technological innovation to their advantage. They exploit the gap between how quickly they can innovate to profit from vulnerabilities and the speed at which enterprises deploy advanced technologies to protect their networks.

While legitimate businesses spend time weighing the decision to embrace social networking and peer-to-peer technologies, cybercriminals are among the early adopters, using them to not only commit crimes but also to enhance their communications and to speed transactions with each other.

Spam Continuing Meteoric Rise Despite recent disruptions to criminal spam operations, in 2010 the worldwide volume of spam is expected to grow by as much as 30 percent over 2009 levels, according to new research compiled by Cisco Security Intelligence Operations.

The United States is once again the country where the largest amount of spam originates, pushing Brazil to third place. India currently ranks second, and Russia and South Korea round out the top five.

Brazil experienced a 4.3 percent decrease in the amount of spam originating in-country, most likely because more ISPs in that country are limiting Port 25 access.

Terrorists Going SocialSocial networks remain a playground for cybercriminals, with an increasing number of attacks. New threats are now emerging from a more dangerous criminal element: terrorists. Indeed, the US Government is concerned enough that they have awarded grants to examine how social networks and other technologies can be used to organize, coordinate, and incite potential attacks.

The report includes several other findings and concludes with recommendations to help enterprises strengthen their security.

Supporting Quotes:

John N. Stewart, Cisco vice president and chief security officer "Technological innovations are fundamentally changing the way people live, work, play, share information and communicate with each other. Because consumers are typically the early adopters, enterprises often struggle to adapt existing polices to address their employees' preferred use of technology. With a number of tectonic forces converging in the marketplace, now is the time for enterprises to transform their IT model to accommodate the emerging borderless network and increasing security challenges."